286 lines
8 KiB
PHP
286 lines
8 KiB
PHP
<?php
|
|
// We need to accept raw SQL data in label queries, so not everything is escaped
|
|
// here, this is by design. If you don't like it, disable labels
|
|
// altogether with GLOBAL_ENABLE_LABELS = false
|
|
|
|
function module_pref_labels($link) {
|
|
if (!GLOBAL_ENABLE_LABELS) {
|
|
|
|
print "<p>Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.</p>";
|
|
return;
|
|
}
|
|
|
|
$subop = $_GET["subop"];
|
|
|
|
if ($subop == "edit") {
|
|
|
|
$label_id = db_escape_string($_GET["id"]);
|
|
|
|
$result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE
|
|
owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description");
|
|
|
|
$line = db_fetch_assoc($result);
|
|
|
|
$sql_exp = htmlspecialchars(db_unescape_string($line["sql_exp"]));
|
|
$description = htmlspecialchars(db_unescape_string($line["description"]));
|
|
|
|
print "<div id=\"infoBoxTitle\">Label editor</div>";
|
|
print "<div class=\"infoBoxContents\">";
|
|
|
|
print "<form id=\"label_edit_form\" onsubmit='return false'>";
|
|
|
|
print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
|
|
print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">";
|
|
print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
|
|
|
|
print "<table width='100%'>";
|
|
|
|
print "<tr><td>Caption:</td>
|
|
<td><input onkeypress=\"return filterCR(event, labelEditSave)\"
|
|
onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
|
|
onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
|
|
name=\"description\" class=\"iedit\" value=\"$description\">";
|
|
|
|
print "</td></tr>";
|
|
|
|
print "<tr><td colspan=\"2\">
|
|
<p>SQL Expression:</p>";
|
|
|
|
print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
|
|
rows=\"4\" name=\"sql_exp\" class=\"iedit\">$sql_exp</textarea>";
|
|
|
|
print "</td></tr></table>";
|
|
|
|
print "</form>";
|
|
|
|
print "<div style=\"display : none\" id=\"label_test_result\"></div>";
|
|
|
|
print "<div align='right'>";
|
|
|
|
$is_disabled = (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') !== FALSE) ? "disabled" : "";
|
|
|
|
print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\">
|
|
";
|
|
|
|
print "<input type=\"submit\"
|
|
id=\"infobox_submit\"
|
|
class=\"button\" onclick=\"return labelEditSave()\"
|
|
value=\"Save\"> ";
|
|
|
|
print "<input class=\"button\"
|
|
type=\"submit\" onclick=\"return labelEditCancel()\"
|
|
value=\"Cancel\">";
|
|
|
|
print "</div>";
|
|
|
|
return;
|
|
}
|
|
|
|
if ($subop == "test") {
|
|
|
|
$expr = db_unescape_string(trim($_GET["expr"]));
|
|
$descr = db_unescape_string(trim($_GET["descr"]));
|
|
|
|
print "<div>";
|
|
|
|
error_reporting(0);
|
|
|
|
|
|
$result = db_query($link,
|
|
"SELECT count(ttrss_entries.id) AS num_matches
|
|
FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
|
|
WHERE ($expr) AND
|
|
ttrss_user_entries.ref_id = ttrss_entries.id AND
|
|
ttrss_user_entries.feed_id = ttrss_feeds.id AND
|
|
ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false);
|
|
|
|
error_reporting (DEFAULT_ERROR_LEVEL);
|
|
|
|
if (!$result) {
|
|
print "<p>" . db_last_error($link) . "</p>";
|
|
print "</div>";
|
|
return;
|
|
}
|
|
|
|
$num_matches = db_fetch_result($result, 0, "num_matches");;
|
|
|
|
if ($num_matches > 0) {
|
|
|
|
if ($num_matches > 10) {
|
|
$showing_msg = ", showing first 10";
|
|
}
|
|
|
|
print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>";
|
|
|
|
$result = db_query($link,
|
|
"SELECT ttrss_entries.title,
|
|
(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
|
|
FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
|
|
WHERE ($expr) AND
|
|
ttrss_user_entries.ref_id = ttrss_entries.id
|
|
AND ttrss_user_entries.feed_id = ttrss_feeds.id
|
|
AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . "
|
|
ORDER BY date_entered DESC LIMIT 10", false);
|
|
|
|
print "<ul class=\"labelTestResults\">";
|
|
|
|
$row_class = "even";
|
|
|
|
while ($line = db_fetch_assoc($result)) {
|
|
$row_class = toggleEvenOdd($row_class);
|
|
|
|
print "<li class=\"$row_class\">".$line["title"].
|
|
" <span class=\"insensitive\">(".$line["feed_title"].")</span></li>";
|
|
}
|
|
print "</ul>";
|
|
|
|
} else {
|
|
print "<p>Query didn't return any matches.</p>";
|
|
}
|
|
|
|
print "</div>";
|
|
|
|
return;
|
|
}
|
|
|
|
if ($subop == "editSave") {
|
|
|
|
$sql_exp = trim($_GET["sql_exp"]);
|
|
$descr = db_escape_string(trim($_GET["description"]));
|
|
$label_id = db_escape_string($_GET["id"]);
|
|
|
|
$result = db_query($link, "UPDATE ttrss_labels SET
|
|
sql_exp = '$sql_exp',
|
|
description = '$descr'
|
|
WHERE id = '$label_id'");
|
|
}
|
|
|
|
if ($subop == "remove") {
|
|
|
|
if (!WEB_DEMO_MODE) {
|
|
|
|
$ids = split(",", db_escape_string($_GET["ids"]));
|
|
|
|
foreach ($ids as $id) {
|
|
db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'");
|
|
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($subop == "add") {
|
|
|
|
if (!WEB_DEMO_MODE) {
|
|
|
|
// no escaping is done here on purpose
|
|
$sql_exp = trim($_GET["sql_exp"]);
|
|
$description = db_escape_string($_GET["description"]);
|
|
|
|
if (!$sql_exp || !$description) return;
|
|
|
|
$result = db_query($link,
|
|
"INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
|
|
VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')");
|
|
}
|
|
}
|
|
|
|
$sort = db_escape_string($_GET["sort"]);
|
|
|
|
if (!$sort || $sort == "undefined") {
|
|
$sort = "description";
|
|
}
|
|
|
|
print "<a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\">
|
|
<img src='images/sign_quest.png'></a>";
|
|
|
|
print "<div class=\"prefGenericAddBox\">";
|
|
|
|
print"<input type=\"submit\" class=\"button\"
|
|
id=\"label_create_btn\"
|
|
onclick=\"return displayDlg('quickAddLabel', false)\"
|
|
value=\"".__('Create label')."\"></div>";
|
|
|
|
$result = db_query($link, "SELECT
|
|
id,sql_exp,description
|
|
FROM
|
|
ttrss_labels
|
|
WHERE
|
|
owner_uid = ".$_SESSION["uid"]."
|
|
ORDER BY $sort");
|
|
|
|
// print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
|
|
|
|
if (db_num_rows($result) != 0) {
|
|
|
|
print "<p><table width=\"100%\" cellspacing=\"0\"
|
|
class=\"prefLabelList\" id=\"prefLabelList\">";
|
|
|
|
print "<tr><td class=\"selectPrompt\" colspan=\"8\">
|
|
Select:
|
|
<a href=\"javascript:selectPrefRows('label', true)\">All</a>,
|
|
<a href=\"javascript:selectPrefRows('label', false)\">None</a>
|
|
</td</tr>";
|
|
|
|
print "<tr class=\"title\">
|
|
<td width=\"5%\"> </td>
|
|
<td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">".__('Caption')."</a></td>
|
|
<td width=\"50%\"><a href=\"javascript:updateLabelList('sql_exp')\">".__('SQL Expression')."</a>
|
|
</td>
|
|
</tr>";
|
|
|
|
$lnum = 0;
|
|
|
|
while ($line = db_fetch_assoc($result)) {
|
|
|
|
$class = ($lnum % 2) ? "even" : "odd";
|
|
|
|
$label_id = $line["id"];
|
|
$edit_label_id = $_GET["id"];
|
|
|
|
if ($subop == "edit" && $label_id != $edit_label_id) {
|
|
$class .= "Grayed";
|
|
$this_row_id = "";
|
|
} else {
|
|
$this_row_id = "id=\"LILRR-$label_id\"";
|
|
}
|
|
|
|
print "<tr class=\"$class\" $this_row_id>";
|
|
|
|
$line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"]));
|
|
$line["description"] = htmlspecialchars(
|
|
db_unescape_string($line["description"]));
|
|
|
|
if (!$line["description"]) $line["description"] = "[No caption]";
|
|
|
|
print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");'
|
|
type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";
|
|
|
|
print "<td><a href=\"javascript:editLabel($label_id);\">" .
|
|
$line["description"] . "</td>";
|
|
|
|
print "<td><a href=\"javascript:editLabel($label_id);\">" .
|
|
$line["sql_exp"] . "</td>";
|
|
|
|
print "</tr>";
|
|
|
|
++$lnum;
|
|
}
|
|
|
|
if ($lnum == 0) {
|
|
print "<tr><td colspan=\"4\" align=\"center\">".__('No labels defined.')."</td></tr>";
|
|
}
|
|
|
|
print "</table>";
|
|
|
|
print "<p id=\"labelOpToolbar\">";
|
|
|
|
print "<input type=\"submit\" class=\"button\" disabled=\"true\"
|
|
onclick=\"javascript:editSelectedLabel()\" value=\"".__('Edit')."\">
|
|
<input type=\"submit\" class=\"button\" disabled=\"true\"
|
|
onclick=\"javascript:removeSelectedLabels()\" value=\"".__('Remove')."\">";
|
|
|
|
} else {
|
|
print "<p>".__('No labels defined.')."</p>";
|
|
}
|
|
}
|
|
?>
|